What Do HIPAA Standards Mean for You?
HIPAA Security Rules
Four different rules make up HIPAA (the Health Insurance Portability and Accountability Act), all of which are administered by the US Department of Health and Human Services.
Specifically, HIPAA eCommerce platforms must focus on the Security Rule, which comprises three subsections: physical safeguards for the hardware, technical safeguards, and administrative safeguards. Each of these subsections has its own requirements as well. Hiring a HIPAA consultant is the first step to making sure you follow HIPAA standards.
Protect Electronic Protected Health Information
The most common concern for information systems is the technical safeguards, which can be broken into access control, authentication, and transmission security. Tools such as SSL (and its successor, TLS) make sure the application sends data securely over the socket layer, or that the data itself is encrypted when stored.
Technical safeguards also include access limitations, which keep unauthorized users and unauthorized computers from accessing data in information systems. A HIPAA eCommerce application can essentially lock down the capabilities of interacting with the system.
HIPAA Audit Logs
HIPAA logging requirements also necessitate extensive information system audit logs that record when the data was available, who accessed it, and when it was accessed. HIPAA audit logs also track all changes made to the data, which helps establish who is responsible for each change and makes any internal privacy breach—or user input—easier to solve.
Keeping track of HIPAA audit logs can be relatively challenging to do manually. As such, the eCommerce application itself needs to log interactions with the data, ensure that the data is encrypted correctly during transmission, and protect data at rest. Audit controls will be in the hands of a select few employees.
Upgrade to Follow the HIPAA Security Rule
The eCommerce platform itself must be configured and validated to be compliant. Clarity uses highly regarded to perform much of this periodic auditing and reviewing. This software provides the most common protection protocols to pass HIPAA eCommerce compliance.